nginx · ADubhlaoich · Sep 25, 2025 · Sep 25, 2025
@@ -66,14 +66,6 @@ Use the [NGINX App Protect WAF Compiler]({{< ref "/nap-waf/v5/admin-guide/compil
 
 For signature updates, read the [Update App Protect Signatures]({{< ref "/nap-waf/v5/admin-guide/compiler.md#update-app-protect-signatures" >}}) section of the compiler documentation.
 
-## Policy Lifecycle Management
-
-NGINX App Protect WAF v5 introduces Policy Lifecycle Management (PLM) as a comprehensive solution for automating the management, compilation, and deployment of security policies within Kubernetes environments. PLM extends the WAF compiler capabilities by providing a native Kubernetes operator-based approach to policy orchestration.
-
-The Policy Lifecycle Management system is architected around a **Policy Controller** that implements the Kubernetes operator pattern to manage the complete lifecycle of WAF security artifacts. The system addresses the fundamental challenge of policy distribution at scale by eliminating manual intervention points and providing a declarative configuration model through Custom Resource Definitions (CRDs) for policies, logging profiles, signatures, and user-defined signatures.
-
-For detailed information about PLM architecture, functional components, and deployment procedures, see [Policy Lifecycle Management Guide]({{< ref "/nap-waf/v5/admin-guide/policy-lifecycle-management.md" >}}).
-
 ---
 
 ## Transitioning from NGINX App Protect WAF v4 to v5

@@ -2,6 +2,7 @@
 title: Policy Lifecycle Management
 weight: 200
 toc: true
+draft: true
 type: how-to
 product: NAP-WAF
 ---

@@ -1048,7 +1048,6 @@ This table summarizes the nginx.conf directives for NGINX App Protect WAF functi
 |load_module | load_module <library_file_path> | NGINX directive to load the App Protect module. It must be invoked with the App Protect library path | Global | load_module modules/ngx_http_app_protect_module.so |
 |app_protect_enforcer_address | <hostname/ip>:<port> | The Enforcer service address. | HTTP | app_protect_enforcer_address 127.0.0.1:50000; |
 |app_protect_enable | app_protect_enable on &#124; off | Whether to enable App Protect at the respective context. If not present, inherits from the parent context | HTTP, Server, Location | app_protect_enable on |
-|app_protect_default_config_source | app_protect_default_config_source <resource_name> | Directive to specify custom resource for policy/logging profile bundles. Currently, only "custom-resource" is supported, and it enables Policy Lifecycle Management functionality. See [Policy Lifecycle Management]({{< ref "/nap-waf/v5/admin-guide/policy-lifecycle-management.md" >}}) for more details. | HTTP | app_protect_default_config_source "custom-resource" |
 |app_protect_policy_file | app_protect_policy_file <file_path> | Set a App Protect policy configuring behavior for the respective context. | HTTP, Server, Location | app_protect_policy_file /config/waf/strict_policy.tgz |
 |app_protect_security_log_enable | app_protect_security_log_enable on &#124; off | Whether to enable the App Protect per-request log at the respective context. | HTTP, Server, Location | app_protect_security_log_enable on |
 |app_protect_security_log | app_protect_security_log <file_path> <destination> | Specifies the per-request logging: what to log and where | HTTP, Server, Location | app_protect_security_log /config/waf/log_illegal.tgz syslog:localhost:522 |